CCI-004721
CCI-004721 Definition
| Status | |
| Type | CheckType.technical |
Master Assessment Datasheet
Implementation Guidance
Determine if: - [SA-08(03)_ODP[01]; systems or system components that implement the security design principle of modularity are defined] implement the security design principle of modularity. - [SA-08(03)_ODP[02]; systems or system components that implement the security design principle of layering are defined] implement the security design principle of layering.
Validation Procedures
Examine: [SELECT FROM: System and services acquisition policy; procedures addressing the security design principles of modularity and layering used in the specification, design, development, implementation, and modification of the system; system design documentation; security and privacy requirements and specifications for the system; system security and privacy architecture; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with the responsibility for determining system security and privacy requirements; organizational personnel with system specification, design, development, implementation, and modification responsibilities; system developers; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for applying the security design principles of modularity and layering in system specification, design, development, implementation, and modification; mechanisms supporting the application of the security design principles of modularity and layering in system specification, design, development, implementation, and modification; mechanisms supporting and/or implementing an isolation boundary].